Two-factor authentication support

Details

Description

For security-conscious institutions, it may be useful to add a two-factor authentication mechanism to VuFind. This should obviously be optional, but when activated, would prompt the user for a second form of authentication after their initial login.

There are a few things to think about before designing the system:

1.) What should the plugin interface look like for providing secondary authentication? Do we want to offer the option of chaining together two existing authentication methods in an effort to make the system more generic, or is secondary authentication a substantially different operation than primary authentication?

2.) Would the addition of 2-factor authentication have any impact on the long-unresolved discussion about "remember me" functionality in VUFIND-619? Do we want a "remember this device" feature to bypass 2-factor on trusted devices? Do we want a "remember me" feature that skips primary login but prompts for secondary confirmation?

Obviously question 1 is more important for moving forward -- question 2 can be addressed as a second phase of development.

In any case, please share your thoughts on this, and up-vote the ticket if your institution is likely to need this.